Using the current CVS version of Xft, I observed a crash in _XftReleaseFile when passing FT_Face objects directly to Xft. I guess it was introduced in your 2004-08-03 commit, and appears to be due to a simple operator precedence bug. A patch will be attached shortly.

The problem expression is below:

    sizeof (XftFtFile) + f->file ? strlen (f->file) + 1 : 0

Which is interpreted as:

    (sizeof (XftFtFile) + f->file) ? (strlen (f->file) + 1) : 0

So the result of this expression will always be (strlen(f->file) + 1), even if f->file is NULL.
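The precedence mistake described above, as an added illustration that is not part of the bug report or the Xft source: a minimal stand-in struct (hypothetical, only the `file` member the bug touches) with one function mirroring how the original expression is parsed and one computing the intended allocation size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Xft's XftFtFile: only the member the bug
 * touches. The real struct has more fields; the layout here is illustrative. */
typedef struct {
    const char *file;  /* font file path, or NULL when an FT_Face was passed directly */
} XftFtFile;

/* Constructed samples: an entry created from an FT_Face (file is NULL) and
 * one created from a path (path is made up for the example). */
static const XftFtFile g_no_file   = { NULL };
static const XftFtFile g_with_file = { "/tmp/example-font.ttf" };

/* How the original expression is actually parsed: '+' binds tighter than
 * '?:', so the condition is (sizeof(XftFtFile) + f->file), which is never
 * zero, even when f->file is NULL. Returns 1 when the strlen() branch would
 * be taken, i.e. when the original code would call strlen(NULL) and crash.
 * The pointer is cast to an integer so the check can be mirrored without
 * performing arithmetic on a NULL pointer. */
int buggy_takes_strlen_branch(const XftFtFile *f)
{
    return (sizeof(XftFtFile) + (uintptr_t)f->file) ? 1 : 0;
}

/* Intended size: the struct plus the filename and its terminator, but only
 * when a filename is present. Parentheses make the precedence explicit. */
size_t fixed_alloc_size(const XftFtFile *f)
{
    return sizeof(XftFtFile) + (f->file ? strlen(f->file) + 1 : 0);
}

int main(void)
{
    printf("NULL file: buggy parse takes strlen branch = %d, fixed size = %zu\n",
           buggy_takes_strlen_branch(&g_no_file), fixed_alloc_size(&g_no_file));
    printf("with file: buggy parse takes strlen branch = %d, fixed size = %zu\n",
           buggy_takes_strlen_branch(&g_with_file), fixed_alloc_size(&g_with_file));
    return 0;
}
```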
Created attachment 1411: xftreleasefile-crash.patch
Thanks, James.
Roland -- this patch seems like good 6.8.2 material, but I don't know the state of the Xft bits which are in the monolithic tree. As you can see, the patch has been applied to the upstream Xft source tree.
Should we reassign this bug to Xorg now perhaps, for tracking in the mono tree? Or should we file a new bug report to point to this one, and nominate it for 6.8.3?
I actually filed bug 1958 against Xorg, noting that it needed to pull in the fix from standalone Xft. However that bug didn't see any responses, and got marked as NOTOURBUG (which I think was a mistake).